Skip to main content



This rule belongs to the openapi-v3-standards-linting ruleset and states that:

If security mechanisms are declared for the operation using the security property, they will override any security applied at top level i.e. in the OpenAPI Object. To remove a top-level security declaration, an empty array can be used.

Maximum SeverityInformation
MessageOperation Object level security overrides the security applied at top level.
Rule SystemSemantic
Broad CategoryOperations
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsopenapi3 openapi standards semantic linting security operation

Suggested Fixes

  • If you do not intend to override the global security applied to all operations, remove the Operation Object level security property definition
  • To remove a top-level security declaration for an operation, declare security as an empty array.

For More Information